CVE-2018-7669

HIGH

Sitecore.NET 8.1 rev. 151207 Hotfix 141178-1 and above - Path Traversal via Log Viewer File Parameter

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2018-7669. PoCs published by Chris, palaziv.

AI-analyzed exploit summary This is a writeup describing a directory traversal vulnerability in Sitecore.NET 8.1. It details how an attacker can bypass file path validation to access arbitrary files on the host system by appending traversal sequences to a valid log file path.

Description

An issue was discovered in Sitecore Sitecore.NET 8.1 rev. 151207 Hotfix 141178-1 and above. The 'Log Viewer' application is vulnerable to a directory traversal attack, allowing an attacker to access arbitrary files from the host Operating System using a sitecore/shell/default.aspx?xmlcontrol=LogViewerDetails&file= URI. Validation is performed to ensure that the text passed to the 'file' parameter correlates to the correct log file directory. This filter can be bypassed by including a valid log filename and then appending a traditional 'dot dot' style attack.

Exploits (2)

exploitdb WRITEUP

by Chris · textwebappsaspx

https://www.exploit-db.com/exploits/45152

View Code ZIP pw:eip

This is a writeup describing a directory traversal vulnerability in Sitecore.NET 8.1. It details how an attacker can bypass file path validation to access arbitrary files on the host system by appending traversal sequences to a valid log file path.

Classification

Writeup 100%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Sitecore.NET 8.1 and up

Auth required

Prerequisites: Valid credentials for the Sitecore application · Knowledge of a valid log file name

MITRE ATT&CK

T1006 - Direct Volume Access

devstral-2 · analyzed Feb 16, 2026 Full analysis →

nomisec WORKING POC

by palaziv · poc

https://github.com/palaziv/CVE-2018-7669

View Code ZIP pw:eip

This repository contains a Python script that automates the exploitation of CVE-2018-7669, a directory traversal vulnerability in Sitecore. The script bruteforces various paths to access sensitive files like logs and system files (e.g., win.ini, boot.ini) by leveraging the vulnerable endpoint `/sitecore/shell/default.aspx?xmlcontrol=LogViewerDetails&file=`.

Classification

Working Poc 90%

Attack Type

Info Leak

Complexity

Moderate

Reliability

Reliable

Target: Sitecore (versions affected by CVE-2018-7669)

No auth needed

Prerequisites: Network access to the target Sitecore instance · Vulnerable Sitecore endpoint exposed

MITRE ATT&CK

T1006 - Direct Volume Access T1133 - External Remote Services

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/45152/

Exploit, Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc

http://seclists.org/fulldisclosure/2018/Apr/47

Vendor Advisory x_refsource_confirm

https://kb.sitecore.net/articles/356221

Scores

CVSS v3 7.5

EPSS 0.1748

EPSS Percentile 96.7%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-22

Status published

Products (2)

sitecore/sitecore.net 8.1 update1 (3 CPE variants)

sitecore/sitecore.net 8.2

Published Apr 27, 2018

Tracked Since Feb 18, 2026